The Intersecting Worlds of Fraud Prevention and Counter Terrorism

Solution providers and policy makers from both worlds need to meet up and share ideas, thoughts and experience for the benefit of both.

The world of fraud prevention (and information security in general) is characterized by an arms race between the good guys and the bad guys. Security companies and financial institutions develop solutions, procedures and policies to thwart fraud attempts, while fraudsters develop the tools and techniques to circumvent these systems. If a certain fraudulent activity is observed, companies react by customizing the systems, or inventing new ones, to identify and prevent the recurrence of this activity.

This characteristic, though, isn’t limited to fraud prevention alone. Other worlds are similar: there, too, the bad guys try to come up with innovative ways to circumvent the systems that try to identify and stop them, so they can cause damage. Take the world of counter terrorism, in which bad guys try to come up with innovative ways to sneak bombs onto airplanes (and sometimes succeed), while those who try to prevent them from doing so create innovative (and sometimes intrusive) ways to identify them. The similarities between counter terrorism and fraud prevention don’t end there. The systems built to detect and stop the bad guys are also similar, sometimes even identical.

Take the customs office, for example. In various ports around the world, a staggering number of containers arrive and depart all the time. Customs officers can only inspect a minuscule percentage of these containers for anything illegal and malicious. Therefore, whenever they do get around to checking a container, they need to make it count. This is done by building a profile on each importer and exporter – who does s/he normally trade with, what kind of goods are usually in the container, etc. Only when a computer system detects that a certain container does not meet a certain profile will the customs officers spring into action and inspect the container.

If this sounds familiar to you, it’s because the exact same method is used for detecting fraud in online banking. All you need to do is replace “container” with “money transfer” and “customs officer” with “fraud analyst.” In the political island of Israel, the police busted one of the biggest drug shipments in the country’s history using such a system. However, the system can be (and probably is) used to identify potential smuggling attempts of firearms bought for malicious intent. Such a system could have identified the famous “toner bombs,” and other concealed shipments of armaments would also face a challenge going through customs that use such a system.
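The profile-and-flag method described above, with “container” replaced by “money transfer,” as an added example that is not part of the original article. The field names, the sample history and the 3x amount threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (account, payee, amount). Not real data.
HISTORY = [
    ("acct-1", "landlord", 1200.0),
    ("acct-1", "utility", 90.0),
    ("acct-1", "landlord", 1200.0),
    ("acct-1", "utility", 110.0),
    ("acct-2", "supplier-a", 5000.0),
    ("acct-2", "supplier-a", 5200.0),
]

AMOUNT_FACTOR = 3.0  # assumption: flag amounts over 3x the account's median


def build_profiles(history):
    """Profile each account: who it normally pays and its typical amount."""
    payees, amounts = defaultdict(set), defaultdict(list)
    for account, payee, amount in history:
        payees[account].add(payee)
        amounts[account].append(amount)
    return {a: {"payees": payees[a], "median": median(amounts[a])}
            for a in payees}


def deviations(profiles, account, payee, amount):
    """Return the reasons a transfer does not match the account's profile."""
    profile = profiles.get(account)
    if profile is None:
        # No history means no profile to compare against; send it to review.
        return ["no profile for account"]
    reasons = []
    if payee not in profile["payees"]:
        reasons.append("new payee")
    if amount > AMOUNT_FACTOR * profile["median"]:
        reasons.append("amount above usual range")
    return reasons


def review_queue(profiles, transfers):
    """Keep only transfers that deviate, so analysts inspect a small share."""
    queue = []
    for t in transfers:
        reasons = deviations(profiles, *t)
        if reasons:
            queue.append((t, reasons))
    return queue
```

Only the transfers returned by `review_queue` reach the fraud analyst, mirroring the way only containers that break an importer's profile reach the customs officer.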

Another example is WeCU Technologies, an Israeli start-up that is building a technology to identify terrorists by asking them simple questions such as “Are you a terrorist?” The automated system reads biometric signs to detect how the person being tested is reacting, identifying possible intent for malicious activities. The technology automates and improves a similar procedure already in place at Israeli airports, in which security officers question all passengers about their intent, searching for certain reactions that may indicate nefarious intent.

How can this help fight fraud? In my first article for SecurityWeek, I suggested that banks follow the same procedures in order to identify money mules interested in opening bank accounts. The limitation of such a system is fairly obvious – bank tellers are not trained Israeli security officers and cannot be expected to pick up any suspicious reactions. Automated systems developed by WeCU, however, can. While cost-benefit and ROI considerations may prevent these systems from appearing in the nearest branch any time soon, they still serve as an example of how technological innovation can be used to better mitigate fraud.

As there’s a clear arms race between the good guys and bad guys in both worlds, intelligence operations are an important asset in the good guys’ arsenal. Security companies often blog and tweet about new tools or services identified in the hacker and fraudster underground – an intricate web of underground online communities. The same goes for counter terrorism. Various companies, such as (you guessed it) Israeli-based Terrogence, gather intelligence on Jihadist forums, tracking discussions and the actors operating within these communities.

The worlds of counter terrorism and fraud prevention should increase their ties. Systems that are already implemented in one world may be applied to the other. Concepts that have been successfully used in one world may serve as route markers for those who develop solutions for the other. Solution providers and policy makers from both worlds need to meet up and share ideas, thoughts and experience for the benefit of both.

Will such an event take place, and if so, when? I can’t tell. But it will probably happen in a small state on the eastern banks of the Mediterranean, known as Israel.

Idan Aharoni is the Head of Cyber Intelligence for the FraudAction Intelligence team at RSA, where he is responsible for gathering, analyzing and reporting intelligence findings on cybercrime and fraud activity. Mr. Aharoni joined Cyota (later acquired by RSA) in February 2005 as an analyst at the Anti-Fraud Command Center. During his service, he founded the FraudAction Intelligence team, which he leads today. Between his work at the Anti-Fraud Command Center and the unique insight he has gained from the intelligence and discoveries gathered by his team, Mr. Aharoni offers vast expertise in the underground fraud economy and how cybercriminals operate.